CVE-2007-4216 - OpenCVE

vsdatant.sys 6.5.737.0 in Check Point Zone Labs ZoneAlarm before 7.0.362 allows local users to gain privileges via a crafted Interrupt Request Packet (Irp) in a METHOD_NEITHER (1) IOCTL 0x8400000F or (2) IOCTL 0x84000013 request, which can be used to overwrite arbitrary memory locations.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Checkpoint	Zonealarm

Configuration 1 [-]

OR	cpe:2.3:a:checkpoint:zonealarm::::::::
	cpe:2.3:a:checkpoint:zonealarm:5.0.63.0:::::::*
	cpe:2.3:a:checkpoint:zonealarm:6.1.744.001:::::::*

References

Link	Resource
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=585
http://secunia.com/advisories/26513
http://securitytracker.com/id?1018589
http://www.reversemode.com/index.php?option=com_remository&Itemid=2&func=fileinfo&id=53
http://www.securityfocus.com/archive/1/477155/100/0/threaded
http://www.securityfocus.com/bid/25365
http://www.securityfocus.com/bid/25377
http://www.vupen.com/english/advisories/2007/2929	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/36107

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2007-08-21T17:00:00

Updated: 2018-10-15T20:57:01

Reserved: 2007-08-08T00:00:00

Link: CVE-2007-4216

JSON object: View

NVD Information

Status : Modified

Published: 2007-08-21T17:17:00.000

Modified: 2018-10-15T21:33:57.103

Link: CVE-2007-4216

JSON object: View

Redhat Information

No data.

CWE

CWE-20

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-08-20T00:00:00", "descriptions": [{"lang": "en", "value": "vsdatant.sys 6.5.737.0 in Check Point Zone Labs ZoneAlarm before 7.0.362 allows local users to gain privileges via a crafted Interrupt Request Packet (Irp) in a METHOD_NEITHER (1) IOCTL 0x8400000F or (2) IOCTL 0x84000013 request, which can be used to overwrite arbitrary memory locations."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "26513", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26513"}, {"name": "zonealarm-vsdatant-privilege-escalation(36107)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36107"}, {"name": "ADV-2007-2929", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/2929"}, {"name": "1018589", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1018589"}, {"name": "25365", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/25365"}, {"name": "20070820 Check Point Zone Labs VSDATANT Multiple IOCTL Privilege Escalation Vulnerabilities", "tags": ["third-party-advisory", "x_refsource_IDEFENSE"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=585"}, {"name": "25377", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/25377"}, {"name": "20070820 [Reversemode Advisory] CheckPoint ZoneLabs Vsdatant.sys multiple local privilege escalation vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/477155/100/0/threaded"}, {"tags": ["x_refsource_MISC"], "url": "http://www.reversemode.com/index.php?option=com_remository&Itemid=2&func=fileinfo&id=53"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4216", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "vsdatant.sys 6.5.737.0 in Check Point Zone Labs ZoneAlarm before 7.0.362 allows local users to gain privileges via a crafted Interrupt Request Packet (Irp) in a METHOD_NEITHER (1) IOCTL 0x8400000F or (2) IOCTL 0x84000013 request, which can be used to overwrite arbitrary memory locations."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "26513", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26513"}, {"name": "zonealarm-vsdatant-privilege-escalation(36107)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36107"}, {"name": "ADV-2007-2929", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2929"}, {"name": "1018589", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1018589"}, {"name": "25365", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25365"}, {"name": "20070820 Check Point Zone Labs VSDATANT Multiple IOCTL Privilege Escalation Vulnerabilities", "refsource": "IDEFENSE", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=585"}, {"name": "25377", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25377"}, {"name": "20070820 [Reversemode Advisory] CheckPoint ZoneLabs Vsdatant.sys multiple local privilege escalation vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/477155/100/0/threaded"}, {"name": "http://www.reversemode.com/index.php?option=com_remository&Itemid=2&func=fileinfo&id=53", "refsource": "MISC", "url": "http://www.reversemode.com/index.php?option=com_remository&Itemid=2&func=fileinfo&id=53"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4216", "datePublished": "2007-08-21T17:00:00", "dateReserved": "2007-08-08T00:00:00", "dateUpdated": "2018-10-15T20:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:checkpoint:zonealarm:*:*:*:*:*:*:*:*", "matchCriteriaId": "58FAC945-D7DA-4951-9D64-61D88E5D1FBD", "versionEndIncluding": "7.0.337.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:checkpoint:zonealarm:5.0.63.0:*:*:*:*:*:*:*", "matchCriteriaId": "41BDE4E4-86C3-4F51-A52B-429AFA143698", "vulnerable": true}, {"criteria": "cpe:2.3:a:checkpoint:zonealarm:6.1.744.001:*:*:*:*:*:*:*", "matchCriteriaId": "A714FC07-8279-45B4-BC84-5CE881260511", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "vsdatant.sys 6.5.737.0 in Check Point Zone Labs ZoneAlarm before 7.0.362 allows local users to gain privileges via a crafted Interrupt Request Packet (Irp) in a METHOD_NEITHER (1) IOCTL 0x8400000F or (2) IOCTL 0x84000013 request, which can be used to overwrite arbitrary memory locations."}, {"lang": "es", "value": "vsdatant.sys versi\u00f3n 6.5.737.0 en Check Point Zone Labs ZoneAlarm versiones anteriores a 7.0.362, permite a usuarios locales alcanzar privilegios por medio de un Interrupt Request Packet (Irp) dise\u00f1ado en una petici\u00f3n (1) IOCTL 0x8400000F o (2) IOCTL 0x8400000013 de METHOD_NEITHER, que puede ser usado para sobrescribir ubicaciones de memoria arbitrarias."}], "id": "CVE-2007-4216", "lastModified": "2018-10-15T21:33:57.103", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-08-21T17:17:00.000", "references": [{"source": "cve@mitre.org", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=585"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/26513"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1018589"}, {"source": "cve@mitre.org", "url": "http://www.reversemode.com/index.php?option=com_remository&Itemid=2&func=fileinfo&id=53"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/477155/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/25365"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/25377"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2007/2929"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36107"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}